Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Warlock

The Warlock ransomware and operator(s) are believed to be attributed to Storm-2603, a China-based threat actor who is also known to have deployed LockBit ransomware. There's also a crossover between victims with Black Basta. Both are RaaS and have a long list of known and unknown affiliates. Having said that, this is possibly an affiliate (likely a cybergroup) of both of those groups. The Alliance & Association would technically be Encryptor Sharing, but this is realistically more of an "Old Affiliate" that created their own ransomware encryptor and operation.
Extension(s): .x2anylock

Victims
 

78

First Discovered
victim

2025-06-11

Last Discovered
victim

2025-11-06

Inactive Since
in days

83

Avg Delay
between attack and claim

26.6 days

Infostealer
for victim with domain

32.7%

View Victims on World Map

View group statistics

Known Locations (4)
Favicon Title Type Available Last Visit Server Info FQDN
favicon Warlock Client Leaked Data Show No 2025-07-11 05:30:13 elqfbcx5nofwtqfookqml7ltx2g6q6tmddys6e25vgu3al2meim6cbqd.onion
favicon WarLock Client Data Leak Show No 2026-01-28 19:00:28 zfytizegsze6uiswodhbaalyy5rawaytv2nzyzdkt3susbewviqqh7yd.onion
favicon Yes 2026-01-28 18:02:21 ocwjy4ynmpbbzhumh2ama2vl3bc77lf5auqf7nf4k45lbmzoep2rbyid.onion
favicon WarLock Client Data Leak Show Yes 2026-01-28 18:03:25 warlockhga5iw3t54ps5iytlilf7hlvxy7kwrkidspn4qoh64s4vsuyd.onion
Target (Available)
Top 5 Activity Sectors
  • Technology 20
  • Financial Services 3
  • Telecommunication 3
  • Agriculture and Food Production 2
  • Manufacturing 2
Top 5 Countries
  • US flag United States 12
  • JP flag Japan 5
  • RU flag Russian Federation 5
  • GB flag United Kingdom 4
  • TR flag Türkiye 2
Heatmap (Available)
Ransom Notes (2)
Tools Used (Available)
This information is provided by Ransomware-Tool-Matrix
Discovery RMM Tools Defense Evasion Credential Theft OffSec Networking LOLBAS Exfiltration
SecurityCheck
Radmin
VMTools AV Killer (BYOVD)
Mimikatz
Veeam-Get-Creds
Velociraptor
Cloudflared
OpenSSH
MinIO
VS Code Tunnel
Minidump
Vulnerabilities Exploited (0)

No vulnerabilities exploited available.

TTPs Matrix (0)

No TTPs available.

Negotiation Chats (0)

No negotiation chats available.

YARA Rules (0)

No YARA rules available.

Indicators of Compromise (IoCs) (4)
SHA256 1 TOX 3
Type IOC
sha256 da8de7257c6897d2220cdf9d4755b15aeb38715807e3665716d2ee761c266fdb
tox 3DCE1C43491FC92EA7010322040B254FDD2731001C2DDC2B9E819F0C946BDC3CD251FA3B694A
tox 84490152E99B9EC4BCFE16080AFCFD6FDCD87512027E85DB318F7B3440982637FC2847F71685
tox F79A71AD8BB2E3E7EDFC38970FDC05E922E429B5DFC325C7D0E91F216DE8F3537C1A1C97F197
Victims (78)
Logo
energogroup.net Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
RU
Logo
goldenline.com Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
PL
Logo
bengineered.com.au Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
AU
Logo
mnpease.ca Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
CA
Logo
metro.local Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
Logo
cybervector.co.uk Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
GB
Logo
fabrity.local Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
Logo
miltech.local Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
Logo
mytune.me Warlock
Discovery Date: 2025-11-06
Estimated Attack Date: 2025-11-01
No description provided....
Logo
atg.cz Warlock
Discovery Date: 2025-11-06
No description provided....
CZ
Logo
tein.co.jp Warlock
Discovery Date: 2025-11-06
No description provided....
JP
Logo
bel.quadra.ru Warlock
Discovery Date: 2025-11-06
No description provided....
RU
Logo
ippm.org Warlock
Discovery Date: 2025-11-06
No description provided....
Logo
sf.walltopia.com Warlock
Discovery Date: 2025-11-06
No description provided....
US
Logo
nartis.ru Warlock
Discovery Date: 2025-11-06
No description provided....
RU
Logo
alphasys.bo Warlock
Discovery Date: 2025-11-06
No description provided....
BO
Logo
silanosn.local Warlock
Discovery Date: 2025-11-06
No description provided....
Logo
siball.net Warlock
Discovery Date: 2025-09-23
all data...
RU
Logo
chroma.com.tw Warlock
Discovery Date: 2025-09-16
all data...
TW
Logo
ferus-smit.home Warlock
Discovery Date: 2025-09-16
all data...
Logo
jubileelife.com Warlock
Discovery Date: 2025-09-16
all data...
PK
Logo
kmssa.net Warlock
Discovery Date: 2025-09-16
all data...
SA
Logo
webville.net Warlock
Discovery Date: 2025-09-16
all data...
Logo
elssurveying.com Warlock
Discovery Date: 2025-09-16
all data...
US
Logo
medkar.com Warlock
Discovery Date: 2025-09-16
all data...
TR
Logo
okan.ru Warlock
Discovery Date: 2025-09-08
finance data...
RU
Logo
mffood.com Warlock
Discovery Date: 2025-09-01
300G data...
DK
Logo
gmpc.com Warlock
Discovery Date: 2025-09-01
No description provided....
Logo
airfastindonesia.com Warlock
Discovery Date: 2025-08-25
all user data...
ID
Logo
infoniqa.com Warlock
Discovery Date: 2025-08-18
165g data, including internal documents, financial documents, employee information, CRM database, HR...
AT
Logo
gmtaconline Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
PH
Logo
woodboure Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
Logo
STRGOME Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
Logo
argeninta Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
Logo
houra Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
FR
Logo
houxt Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
GB
Logo
getdomain Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
DK
Logo
kipl Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-06-25
The customer has not paid, and there are no other buyers within the validity period, please enjoy yo...
IN
Logo
nszi Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-06-25
The customer has not paid, and there are no other buyers within the validity period, please enjoy yo...
Logo
accsnet.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
JP
Logo
advion.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
US
Logo
mysecop.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-29
all data...
Logo
atcmanufacturing Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
Logo
orange.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
This is only a part of the files and file list. The full set of files needs to be purchased separate...
FR
Logo
anthembio.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
US
Logo
syspro.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
US
Logo
brightwork.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
[AI generated] BrightWork.com is a project management software company that provides solutions for t...
US
Logo
starsalliance.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-06
The data has been purchased by other buyers...
Logo
sipecom.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-06
all data...
EC
Logo
wytechnology.local Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-07
The data has been purchased by other buyers...
Logo
webcids.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-08
all data...
US
Logo
rougine-mfg.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-08
all data...
US
Logo
magcpa.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-14
all data...
US
Logo
wfd2027uae.ae Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-15
all data...
AE
Logo
tagorg.com Warlock
Discovery Date: 2025-08-17
all data...
JO
Logo
hitachi-hta.com Warlock
Discovery Date: 2025-08-17
all data...
JP
Logo
primrose.com Warlock
Discovery Date: 2025-08-17
all data...
GB
Logo
clearybuilding.us Warlock
Discovery Date: 2025-08-17
all data...
US
Logo
colt.net Warlock
Discovery Date: 2025-08-17
1 million documents,The full set of files needs to be purchased separately....
GB
Logo
currimjee Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-05-02
[AI generated] Currimjee Group is a Mauritian company engaged in diversified sectors since 1890. Its...
MU
Logo
via-optronics Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-05-02
[AI generated] Via Optronics is a global technology company that specializes in the production of in...
DE
Logo
iberol Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-10
[AI generated] N/A...
ES
Logo
eira-group Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-10
[AI generated] N/A...
FI
Logo
KMMP Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-28
[AI generated] N/A...
JP
Logo
nipponindiaim Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-30
[AI generated] Nippon India Mutual Fund (NIMF), previously known as Reliance Mutual Fund, is one of ...
IN
Logo
unilever Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-15
[AI generated] Unilever is a multinational corporation that sells branded consumer goods. Founded in...
NL
Logo
Ersar Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-04
[AI generated] N/A...
Logo
NCVOO Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-04
[AI generated] N/A...
BM
Logo
BTHK Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-02
All data...
HK
Logo
lactanet Warlock
Discovery Date: 2025-06-11
[AI generated] Lactanet is an agricultural company that provides critical information and innovative...
CA
Logo
ssi-mi Warlock
Discovery Date: 2025-06-11
[AI generated] N/A...
JP
Logo
dad Warlock
Discovery Date: 2025-06-11
[AI generated] N/A...
Logo
astronika Warlock
Discovery Date: 2025-06-11
[AI generated] Astronika is a Polish company that specializes in high-tech engineering solutions, wi...
PL
Logo
sras Warlock
Discovery Date: 2025-06-11
[AI generated] N/A...
Logo
icidesi Warlock
Discovery Date: 2025-06-11
[AI generated] N/A...
TR
Logo
taos Warlock
Discovery Date: 2025-06-11
[AI generated] Taos is a technology services and consulting firm that specializes in cloud, DevOps, ...
US
Logo
carducci Warlock
Discovery Date: 2025-06-11
[AI generated] Carducci is an esteemed fashion brand hailing from Cape Town, South Africa. Founded i...
Logo
Arch-con Warlock
Discovery Date: 2025-06-11
[AI generated] Arch-Con Corporation is a commercial construction company based in Houston, Texas. Th...
US